Hackers have broken into Nissan’s network, stealing employees’ usernames and encrypted passwords. Nissan noticed this when they discovered a piece of malicious malware that had targeted employees’ log-in credentials and was transmitting them back to an outside computer server. Nissan was able to trace this back to an IP address, but unfortunately it did not give much indication of who was behind the attack. Andy Palmer, a Nissan executive vice president said there was no indication of any customer, employee or intellectual property data that had been stolen. Nissan waited a week to disclose this attack to customers and employees in order to close up holes in its network and clean up its systems.
Proper virus protection and firewall use could have helped discourage or prevent an authentication hack such as this. Each computer being used on the network needs to have an updated virus protection system. With the current virus protection update installed on each computer, it will remove any known vulnerability from the system. These updates also apply to patches. Certain programs such as Java or Adobe can present vulnerabilities. If these programs are up-to-date (aka most current patch), the program will have been corrected for any previously known vulnerability. Firewalls also need to be current and the logs should be reviewed frequently. If this was done, Nissan may have been able to find unusual traffic patterns such as DNS failures or dropped packets. If these patterns are noticed, attackers can be black holed and have their packets dropped.
MD Anderson Cancer Center
An unencrypted laptop was recently stolen from a University of Texas, MD Anderson Cancer Centers physician’s home. It was confirmed that the stolen laptop may have contained patients personal information including; patients names, medical record numbers, treatment and/or research information, and Social Security numbers. The computer has still not been recovered and the cancer center is offering credit monitoring services for those whose Social Security numbers were compromised. MD Anderson is also taking steps to better secure all computers and the patient data held within them. Hospital officials say they will reinforce privacy policies so all employees properly handle patient data.
While it is near impossible to avoid the loss of all equipment, the information on the stolen laptop could have been protected through a number of access controls. Authentication and authorization are two areas of access controls that could have prevented the compromise of the data on the stolen computer. The password strength on the laptop should have been sufficient for a device containing confidential data. The raw data on the computer should have been encrypted, as opposed to it being unencrypted. Lastly, Biometric authentication could have been used for access. This uses biological measurements such as a fingerprint scanner or voice recognition to ensure the user is authorized to view the information.
Nissan Hacked
Hackers have broken into Nissan’s network, stealing employees’ usernames and encrypted passwords. Nissan noticed this when they discovered a piece of malicious malware that had targeted employees’ log-in credentials and was transmitting them back to an outside computer server. Nissan was able to trace this back to an IP address, but unfortunately it did not give much indication of who was behind the attack. Andy Palmer, a Nissan executive vice president said there was no indication of any customer, employee or intellectual property data that had been stolen. Nissan waited a week to disclose this attack to customers and employees in order to close up holes in its network and clean up its systems.
Proper virus protection and firewall use could have helped discourage or prevent an authentication hack such as this. Each computer being used on the network needs to have an updated virus protection system. With the current virus protection update installed on each computer, it will remove any known vulnerability from the system. These updates also apply to patches. Certain programs such as Java or Adobe can present vulnerabilities. If these programs are up-to-date (aka most current patch), the program will have been corrected for any previously known vulnerability. Firewalls also need to be current and the logs should be reviewed frequently. If this was done, Nissan may have been able to find unusual traffic patterns such as DNS failures or dropped packets. If these patterns are noticed, attackers can be black holed and have their packets dropped.
MD Anderson Cancer Center
An unencrypted laptop was recently stolen from a University of Texas, MD Anderson Cancer Centers physician’s home. It was confirmed that the stolen laptop may have contained patients personal information including; patients names, medical record numbers, treatment and/or research information, and Social Security numbers. The computer has still not been recovered and the cancer center is offering credit monitoring services for those whose Social Security numbers were compromised. MD Anderson is also taking steps to better secure all computers and the patient data held within them. Hospital officials say they will reinforce privacy policies so all employees properly handle patient data.
While it is near impossible to avoid the loss of all equipment, the information on the stolen laptop could have been protected through a number of access controls. Authentication and authorization are two areas of access controls that could have prevented the compromise of the data on the stolen computer. The password strength on the laptop should have been sufficient for a device containing confidential data. The raw data on the computer should have been encrypted, as opposed to it being unencrypted. Lastly, Biometric authentication could have been used for access. This uses biological measurements such as a fingerprint scanner or voice recognition to ensure the user is authorized to view the information.
50/50